The oldest Trojan sample is dated October 2015, which suggests the threat has been active for over a year and a half. The latest variant encrypts the content of configuration files and almost all constant strings in the code, and also packs a service to steal targeted apps’ messages. The security researchers have captured 1,046 samples of SpyDealer and say that it is under active development, with three variants currently in the wild.
“On devices running later versions of Android, it can steal significant amounts of information, but it cannot take actions that require higher privileges,” the network security firm says. The Trojan is only effective against Android 2.2 to 4.4 releases, given that these are the only versions the rooting tool it uses supports, meaning that it could potentially infect around 25% of all Android devices. Palo Alto Networks researchers couldn’t determine exactly how SpyDealer infects devices, but say that it isn’t distributed through the official Google Play store and that some users might have been infected via compromised wireless networks. It can also answer incoming phone calls from a specific number, can record phone calls and the surrounding audio and video, can take photos with the device’s cameras, monitor location, and take screenshots. Once the malware has compromised a device, it can harvest an exhaustive list of personal information, including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information. It can steal information from popular applications such as WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
It uses root privileges to maintain persistence on the compromised device.Īccording to Palo Alto Networks, the Trojan can remotely control the device via UDP, TCP and SMS channels. A recently discovered Android Trojan can exfiltrate private data from more than 40 applications, Palo Alto Networks security researchers have discovered.ĭubbed SpyDealer, the malware is capable of stealing sensitive messages from communication apps using the Android accessibility service feature, and gains rooting privileges with the help of exploits from a commercial rooting app called Baidu Easy Root.
0 kommentar(er)
